prefect is vulnerable to Server-Side Request Forgery (SSRF)
60
Medium Risk
Prefect validates user-supplied JSON schemas with the jsonschema library. When no registry is passed in, the validator falls back to a default registry whose retrieve hook fetches unknown $ref URIs over HTTP at instance-validation time. A schema containing a remote $ref that points at an internal host or a link-local cloud metadata address therefore makes the server issue a blind outbound request from its own network position while validating, and the failure surfaces as an uncaught referencing error rather than a clean validation error. The response body is not returned to the caller, but the distinct error and the time the request takes reveal whether the target was reachable, which lets a caller probe internal services and metadata endpoints reachable from the server. The fix adds a non-fetching registry that resolves only in-document references and raises a controlled error for external refs without performing any network request.
You are affected if you are using a version that falls within the vulnerable range.
prefect is vulnerable to Server-Side Request Forgery (SSRF) in versions 3.0.0 - 3.7.4.
Upgrade the prefect and/or the prefect-client library to a patched version, that is, one later than the vulnerable range above.